On Mon, May 20, 2002 at 12:57:05PM -0700, Thomas Bushnell, BSG wrote:
>
> John Robinson went further, however, saying that if it isn't provided,
> the system can't be said to have any security at all.
I DID NOT! what i did say (and i quote myself here) is:
Message-ID: <20020520180124.GB11058@ucsd.edu>
Debian (using a linux, bsd, or gnumach/l4 (micro)kernel) should be
``Secure by default.'' if this means that no firewalling -> no debian
release, then so be it.
note the ``if this means'' firewalling on the host is -almost- useless
(but not quite). if our default kernels are not compiled with ipchains/
iptables/ipfwadm, then that is a problem, and needs to be addressed.
if we install and enable ``unsecure'' services in the default install
(base+standard), then this is a *major* problem and needs to be fixed.
i said that debian needs to be secure by default. i read that to
mean: no unsecure services run by default.
this means no telnet, no authenticated ftp, no sendmail (sorry, i don't
trust sendmail), or any other plain-text password protocol (apop is
okay, pop3 is not. pop over SSL is preferred)
--if that means-- means -> if the release manager sez that it shall
have firewalling (i read that to mean: iptables/ipchains/ipfwadm/
whatever available), then firewalling it shall have.
or, in other words: that is not a decision i can unilaterally
make. i believe that the default install should have firewalling
in the kernel, and the userland tools to manipulate the rules.
(firewalling is _available_). i do not believe this to mean that
we include ultra paranoid scripts to close everything off. if
those are available, fine, but there is no way i would consider
the lack of paranoid scripts to be a showstopper
_please_ don't put words into my mouth, i am very good at doing it on my
own ;)
> Network firewalls in theory help with the problem of badly configured
> hosts. Host-based firewalls don't help that at all.
the host based was addressed by the scenario of the spider installing a
rootshell listening on a high port. however, that also prevents things
like http clients from functioning, so it is almost useless.
my main point: i said Secure by default. i did not specify what that
meant, but added that if it meant a certain thing, then that is what it
means (perhaps i failed by not specifying _further_ what i meant, but i
have this opportunity to fix that ;)
-john
ps: i may not subscribe to -hurd, but i do subscribe to -devel, so no
need to cc: me. thanks.